Understand HIPAA HITRRUST Regional Rules in AWS

Interpretation of the Columns in Benchmark Compliance Rules:

Rule ID: A unique identifier for the specific security rule or check

Title: A brief description of the security issue or misconfiguration

Severity — Low to High: Determines the risk of being exposed to attacks

Service Type: The AWS service affected or evaluated by the rule

Resource Type: The specific AWS resource being audited

Rule ID	Title	Severity	Service Type	Resource Type
CSPM-AWS-2024-0023	Unencrypted EBS Volume irrespective of its state	High	EC2	Volumes
CSPM-AWS-2024-0167	In every VPC, flow logging must be enabled	Critical	VPC	FlowLog
CSPM-AWS-2024-0176	API Gateway should be associated with a WAF Web ACL	Medium	APIGateway	Stages
CSPM-AWS-2024-0265	Classic Load Balancer should span multiple Availability Zones	Medium	ELB	LoadBalancers
CSPM-AWS-2024-0368	S3 general purpose buckets should be encrypted at rest with AWS KMS keys	Medium	S3	Buckets
CSPM-AWS-2024-0376	Secrets Manager should have automatic rotation of secrets enabled	Medium	SecretsManager	Secret
CSPM-AWS-2024-0445	Enable Encryption at Rest for Lambda Environment Variables using Customer Master Keys	High	Lambda	Function
CSPM-AWS-2024-0092	Rotation disabled for KMS Symmetric Customer Master Keys (CMKs)	Critical	KMS	Keys
CSPM-AWS-2024-0514	Enable Termination Protection for CloudFormation Stacks	High	CloudFormation	Stack
CSPM-AWS-2024-0178	API Gateway routes should specify an authorization type	Medium	APIGateway	API Gateway Method
CSPM-AWS-2024-0311	Neptune DB cluster snapshots should be encrypted at rest	Medium	Neptune	DBClusterSnapshot
CSPM-AWS-2024-0308	Neptune DB cluster snapshots should not be public	Medium	Neptune	DBClusterSnapshot
CSPM-AWS-2024-0306	Neptune DB clusters should be encrypted at rest	Medium	Neptune	DBClusterSnapshot
CSPM-AWS-2024-0176	API Gateway should be associated with a WAF Web ACL	Medium	APIGateway	Stages

Saner Platform